 

Certbot: No valid ip addresses found / Invalid response found (From Google Cloud)

I got this cmd:

sudo certbot --apache -d pushupteam.dev -d www.pushupteam.dev

and this is what I got:

Saving debug log to /var/log/letsencrypt/letsencrypt.log


 Plugins selected: Authenticator apache, Installer apache
    Obtaining a new certificate

Performing the following challenges:
http-01 challenge for pushupteam.dev
http-01 challenge for www.pushupteam.dev
Enabled Apache rewrite module
Waiting for verification...
Cleaning up challenges
Failed authorization procedure. www.pushupteam.dev (http-01): urn:ietf:params:acme:error:un
authorized :: The client lacks sufficient authorization :: Invalid response from http://www
.pushupteam.dev/.well-known/acme-challenge/j4gaJn6vX6tvEGu0HQagjT69Oc3R7l_VJ8CgaluAnLk [34.
89.161.114]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>40
4 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p", pushupteam.dev (http-01): urn:
ietf:params:acme:error:dns :: No valid IP addresses found for pushupteam.dev
IMPORTANT NOTES:
 - The following errors were reported by the server:
   Domain: pushupteam.dev
   Type:   None
   Detail: No valid IP addresses found for pushupteam.dev
 - The following errors were reported by the server:
   Domain: www.pushupteam.dev
   Type:   unauthorized
   Detail: Invalid response from
   http://www.pushupteam.dev/.well-known/acme-challenge/j4gaJn6vX6tvEGu0HQagjT69Oc3R7l_VJ8C
galuAnLk
   [34.89.161.114]: "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML
   2.0//EN\">\n<html><head>\n<title>404 Not
   Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p"
   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

 

I have the domain from Namecheap and I use Google Cloud DNS.

What is the problem? I am only interested in IPv4, so there is no AAAA record.

Also, my ufw is disabled (like all Google VMs).

Edit:

My /etc/apache2/sites-available/srv.conf:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html/
    ServerName pushupteam.dev
    <Directory /var/www/html/>
        Options +FollowSymLinks
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    ErrorLog /var/log/apache2/codeigniter-error_log
    CustomLog /var/log/apache2/codeigniter-access_log common
</VirtualHost>

I use Ubuntu 18.04 LTS and Apache

Edit 2:

pushupteam.dev.      NS   3600  ns-cloud-b1.googledomains.com.
                                ns-cloud-b2.googledomains.com.
                                ns-cloud-b3.googledomains.com.
                                ns-cloud-b4.googledomains.com.
pushupteam.dev.      SOA  3600  ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
www.pushupteam.dev.  A    60    34.89.161.114

Should I reconfigure my DNS?

Edit 3:

cloud dns config

Youssef ARRASSEN asked Jan 25 '23 11:01


2 Answers

I encountered this error when trying to set up SSL for an application running in a DigitalOcean droplet.

When I run the command:

sudo certbot --nginx -d example.com -d www.example.com

I get the error:

No valid IP addresses found for www.example.com

OR

During secondary validation: No valid IP addresses found for www.example.com

Here's how I solved it:

Confirm that you have an A record pointing to your server’s public/floating/elastic/static IP address for the domain names that you are having issues with.

A record screenshot

Say you want to obtain a certificate for example.com and www.example.com, ensure that they both have an A record pointing to your server’s public/floating/elastic/static IP address.

If you confirm that they are correctly set and you're still having the errors, then give it some time, say 30 minutes to 1 hour, and then try again, or better still, run the certificate generation for the eligible domains, say:

sudo certbot --nginx -d example.com

Once it becomes successful, run it again with all the domains you want to use to expand/modify it:

sudo certbot --nginx -d example.com -d www.example.com

Resources: No valid IP address found for domain when trying to get SSL certificate?

That's all.

I hope this helps

Promise Preston answered Jan 28 '23 02:01


In order to run this command:

sudo certbot --apache -d pushupteam.dev -d www.pushupteam.dev

you need to add a DNS A resource record in your DNS server:

pushupteam.dev A 3600 34.89.161.114

Note: Do not set short TTL values for NS records. Typically this should be one day (86,400 seconds). For A records, one hour (3600 seconds) is normal. You can set these values to just about anything. Consider performance, cache timeouts, and cost.

For the Apache configuration file: /etc/apache2/sites-available/srv.conf add the line:

ServerAlias www.pushupteam.dev

and restart the Apache server:

sudo systemctl restart apache2

I am assuming that you correctly enabled srv.conf by running a command similar to a2ensite srv. Normally the configuration filename is the hostname.

To double check enabled virtual hosts, run this command:

apache2ctl -S

Make sure that both hostnames pushupteam.dev and www.pushupteam.dev are responding to normal web browser requests.

John Hanley answered Jan 28 '23 01:01
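
An added example, not part of either answer and not Certbot code: a Python preflight that checks every name passed with -d against the record listing and the virtual host from the question, both condensed and embedded below as constructed input. The function names are hypothetical, and hostname matching is exact (wildcard aliases are not handled).

```python
import re

# Constructed inputs, condensed from the question: the Cloud DNS record
# listing (Edit 2) and the host-related directives of srv.conf.
ZONE = """\
pushupteam.dev. NS 3600 ns-cloud-b1.googledomains.com.
pushupteam.dev. SOA 3600 ns-cloud-b1.googledomains.com. cloud-dns-hostmaster.google.com. 1 21600 3600 259200 300
www.pushupteam.dev. A 60 34.89.161.114
"""
VHOST = """\
<VirtualHost *:80>
 DocumentRoot /var/www/html/
 ServerName pushupteam.dev
</VirtualHost>
"""

def address_records(zone_text):
    """Map each owner name to its A/AAAA values (listing format: name type ttl data)."""
    found = {}
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1].upper() in ("A", "AAAA"):
            found.setdefault(fields[0].rstrip(".").lower(), []).append(fields[3])
    return found

def vhost_names(conf_text):
    """Collect hostnames from ServerName and ServerAlias directives (exact names only)."""
    names = set()
    for m in re.finditer(r"^[ \t]*Server(?:Name|Alias)[ \t]+(.+)$", conf_text, re.I | re.M):
        names.update(n.lower() for n in m.group(1).split())
    return names

def preflight(domains, zone_text, conf_text):
    """Return {domain: [problems]} for every name that would be passed to certbot -d."""
    addrs, served = address_records(zone_text), vhost_names(conf_text)
    report = {}
    for d in (x.lower() for x in domains):
        problems = []
        if d not in addrs:
            problems.append("no A/AAAA record")
        if d not in served:
            problems.append("no ServerName/ServerAlias")
        report[d] = problems
    return report

if __name__ == "__main__":
    for name, problems in preflight(["pushupteam.dev", "www.pushupteam.dev"], ZONE, VHOST).items():
        print(name, "->", "; ".join(problems) or "ok")
```

On the question's data this flags the bare domain for the missing address record and the www name for the missing alias, the two changes the second answer recommends.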